Skip to main content
SkillJury
Back to the directory
trailofbits/skillsSoftware EngineeringFrontend and Design

semgrep

Parallel static analysis scanner with automatic language detection, Pro cross-file taint tracking, and merged SARIF output.

SkillJury keeps community verdicts, source metadata, and external repository signals in separate lanes so ranking data never pretends to be a review.

SkillJury verdict
Pending

No approved reviews yet

Would recommend
Pending

Waiting on enough review volume

Install signal
3

Weekly or total install activity from catalog data

Sign in to review
0 review requests
Install command
npx skills add https://github.com/trailofbits/skills --skill semgrep
SkillJury does not have enough approved reviews to publish a community verdict yet. Source metadata and repository proof are still available above.
SkillJury Signal Summary

As of Apr 30, 2026, semgrep has 3 weekly installs, 0 community reviews on SkillJury. Community votes currently stand at 0 upvotes and 0 downvotes. Source: trailofbits/skills. Canonical URL: https://skills.sh/trailofbits/skills/semgrep.

Security audits
Gen Agent Trust HubPASS
SocketPASS
SnykWARN
About this skill
Parallel static analysis scanner with automatic language detection, Pro cross-file taint tracking, and merged SARIF output. Run a Semgrep scan with automatic language detection, parallel execution via Task subagents, and merged SARIF output. All scan results, SARIF files, and temporary data are stored in a single output directory. In both cases, always create the directory with mkdir -p before writing any files. The output directory is resolved once at the start of Step 1 and used throughout all subsequent steps. Required: Semgrep CLI ( semgrep --version ). If not installed, see Semgrep installation docs . Optional: Semgrep Pro — enables cross-file taint tracking, inter-procedural analysis, and additional languages (Apex, C#, Elixir).

Source description provided by the upstream listing. Community review signal and install context stay separate from this narrative layer.

Community reviews

Latest reviews

No community reviews yet. Be the first to review.

Browse this skill in context
FAQ
What does semgrep do?

Parallel static analysis scanner with automatic language detection, Pro cross-file taint tracking, and merged SARIF output.

Is semgrep good?

semgrep does not have approved reviews yet, so SkillJury cannot publish a community verdict.

Which AI agents support semgrep?

semgrep currently lists compatibility with Skills CLI.

Is semgrep safe to install?

semgrep has been scanned by security audit providers tracked on SkillJury. Check the security audits section on this page for detailed results from Socket.dev and Snyk.

What are alternatives to semgrep?

Skills in the same category include grimoire-morpho-blue, conversation-memory, second-brain-ingest, zai-tts.

How do I install semgrep?

Run the following command to install semgrep: npx skills add https://github.com/trailofbits/skills --skill semgrep

grimoire-morpho-blueconversation-memorysecond-brain-ingestzai-tts
Related skills

More from trailofbits/skills

trailofbits/skills/Software Engineering

dimensional-analysis

This skill orchestrates a dimensional-analysis pipeline for codebases that perform numeric computations with mixed units, precisions, or scaling factors. The main skill context is a workflow controller only: it delegates scanning, vocabulary discovery, annotation, propagation, and validation to specialized subagents,...

Weekly installs
806
Community vote
0
0 up / 0 down
Freshness
Synced Apr 30, 2026
Software EngineeringFrontend and DesignNo reviews yetSource trailofbits/skills
trailofbits/skills/Software Engineering

ask-questions-if-underspecified

Ask clarifying questions before implementing when requirements are ambiguous or incomplete.

Weekly installs
3
Community vote
0
0 up / 0 down
Freshness
Synced Apr 30, 2026
Software EngineeringFrontend and DesignNo reviews yetSource trailofbits/skills
trailofbits/skills/Software Engineering

modern-python

Modern Python project setup with uv, ruff, and ty for Python 3.11+.

Weekly installs
3
Community vote
0
0 up / 0 down
Freshness
Synced Apr 30, 2026
Software EngineeringFrontend and DesignNo reviews yetSource trailofbits/skills
trailofbits/skills/Software Engineering

agentic-actions-auditor

Static security analysis for GitHub Actions workflows invoking AI coding agents.

Weekly installs
2
Community vote
0
0 up / 0 down
Freshness
Synced Apr 30, 2026
Software EngineeringFrontend and DesignNo reviews yetSource trailofbits/skills
Related skills

Alternatives in Software Engineering

franalgaba/grimoire/Software Engineering

grimoire-morpho-blue

Query Morpho Blue deployment metadata and vault snapshots via the Grimoire CLI.

Weekly installs
999
Community vote
0
0 up / 0 down
Freshness
Synced Apr 30, 2026
Software EngineeringFrontend and DesignNo reviews yetSource franalgaba/grimoire
sickn33/antigravity-awesome-skills/Software Engineering

conversation-memory

Persistent memory systems for LLM conversations with tiered storage and intelligent retrieval.

Weekly installs
998
Community vote
0
0 up / 0 down
Freshness
Synced Apr 30, 2026
Software EngineeringFrontend and DesignNo reviews yetSource sickn33/antigravity-awesome-skills
nicholasspisak/second-brain/Software Engineering

second-brain-ingest

Process raw source documents into structured, interlinked wiki pages.

Weekly installs
998
Community vote
0
0 up / 0 down
Freshness
Synced Apr 30, 2026
Software EngineeringWriting and ContentNo reviews yetSource nicholasspisak/second-brain
aahl/skills/Software Engineering

zai-tts

High-quality text-to-speech audio generation using GLM-TTS with customizable voices and playback parameters.

Weekly installs
998
Community vote
0
0 up / 0 down
Freshness
Synced Apr 30, 2026
Software EngineeringFrontend and DesignNo reviews yetSource aahl/skills